Skip to content

Commit 06e6068

Browse files
Kl0venKl0ven
committed
fix: add allowed host and csrf trusted origins
1 parent df7bb47 commit 06e6068

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

controller/settings.py

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,13 +26,18 @@
2626
# SECURITY WARNING: don't run with debug turned on in production!
2727
DEBUG = os.getenv("ENV", "production") != "production"
2828
TESTING = sys.argv[1:2] == ["test"] or os.getenv("TESTING")
29-
ALLOWED_HOSTS = ["*"]
3029

3130
STATIC_URL = os.getenv("STATIC_URL", "/assets/static/")
3231
MEDIA_URL = os.getenv("MEDIA_URL", "/assets/media/")
3332
STATIC_ROOT = os.path.join(BASE_DIR, "assets/static")
3433
MEDIA_ROOT = os.path.join(BASE_DIR, "assets/media")
3534

35+
if not DEBUG:
36+
ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS", "").split(",")
37+
CSRF_TRUSTED_ORIGINS = os.getenv("CSRF_TRUSTED_ORIGINS", "").split(",")
38+
else:
39+
ALLOWED_HOSTS = ["*"]
40+
3641
# Application definition
3742

3843
INSTALLED_APPS = [

0 commit comments

Comments
 (0)